Subject: Re: Requests to lpd from non-reserved ports rejected (& other q's)
To: Rafal Boni <>
From: Brett Lymn <>
List: current-users
Date: 05/17/2001 22:58:24
According to Rafal Boni:
>My chief complaint so far is that `lpd' categorically rejects requests 
>originating from non-reserved ports as "Malformed".   Other than the
>dubious amount of security this gives you, is there some other reason
>for rejecting these requests?

Not that I know of apart from tradition - the lpd in SunOS 4.1.3 does
the same thing so it was probably a Berkeley thing.  In this day of
easily having your own Unix-like machine and/or a wintel box which
does not enforce the "reserved port" paradigm make the security aspect

I know for a fact that Solaris' lpd emulation does not enforce this
because I made a web-based print queue manager that exploited this
very characteristic. The real beauty of it is that I don't need all
the printers defined on the web server to make it work - the cgi
(well, really mod_perl) script just connects up to the lpd port on the
selected machine and speaks lpd protocol directly to that machine so I
can get a queue status and/or delete jobs.

>If not, I'll go and whip up a patch to allow this restriction to be
>turned on/off from the command line.

Probably the source port check should just die.

Brett Lymn, Computer Systems Administrator, BAE SYSTEMS
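
The check under discussion, as an added example that is not part of the original message and is not NetBSD's lpd source: a server-side source-port test with an on/off flag, exercised over loopback by a client connecting from an ordinary ephemeral port. The names `check_source_port`, `client_verdict`, `RESERVED_LIMIT` and the `enforce` flag are hypothetical; the flag stands in for the command-line switch proposed above.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#define RESERVED_LIMIT 1024 /* binding a port below this needs root on Unix */

/* Hypothetical check: 0 = accept peer, -1 = reject. `enforce` stands in for
 * the command-line switch proposed in the thread. */
int check_source_port(const struct sockaddr_in *from, int enforce)
{
    if (from->sin_family != AF_INET)
        return -1;
    if (enforce && ntohs(from->sin_port) >= RESERVED_LIMIT)
        return -1;
    return 0;
}

/* Connect over loopback from an ordinary ephemeral port and return the
 * server-side verdict; -2 means the sockets could not be set up. */
int client_verdict(int enforce)
{
    struct sockaddr_in srv, peer;
    socklen_t slen = sizeof(srv), plen = sizeof(peer);
    int verdict = -2, as = -1;
    int ls = socket(AF_INET, SOCK_STREAM, 0);
    int cs = socket(AF_INET, SOCK_STREAM, 0);
    memset(&srv, 0, sizeof(srv));
    srv.sin_family = AF_INET;
    srv.sin_addr.s_addr = htonl(INADDR_LOOPBACK); /* port 0: kernel picks one */
    if (ls >= 0 && cs >= 0 &&
        bind(ls, (struct sockaddr *)&srv, sizeof(srv)) == 0 &&
        listen(ls, 1) == 0 &&
        getsockname(ls, (struct sockaddr *)&srv, &slen) == 0 &&
        connect(cs, (struct sockaddr *)&srv, sizeof(srv)) == 0 &&
        (as = accept(ls, (struct sockaddr *)&peer, &plen)) >= 0)
        verdict = check_source_port(&peer, enforce);
    close(as); close(cs); close(ls); /* close(-1) only fails with EBADF */
    return verdict;
}

int main(void)
{
    printf("enforced=%d relaxed=%d\n", client_verdict(1), client_verdict(0));
    return 0;
}
```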